It is a problem of the lack of a well-designed user interface in the DNS packet.
DNS from the beginning presents a tool more than a product.
Most of my friends who handle DNS create some Perl scripts or so.
Or they try to use something from the public domain, but it is not adequate sometimes.
Also, miscommunication between IP provider and customer takes a big
toll: one of my friends has not been able to get the right NS address records
for a long time because they are "illegally" cached at some provider's point
and nobody knows where.
- Leonid Yegoshin.
-------------------------------------------------------------------
>From: [EMAIL PROTECTED]
>
>On Tue, 25 Apr 2000 08:18:20 PDT, Bill Manning said:
>> The 2q2000 data for the in-addr tree shows 77402 unique
>> servers answering for 693,337 zones.
>> 19515 servers blocked/refused data. Of the 57887 that
>> answered, these are the numbers for improper configuration:
>>
>> BAD_SERVER: 4278
>> FORMERR: 8
>> NXDOMAIN: 28
>>
>> So, of the 57,887 visible servers, 4314 are improperly configured
>> in the visible in-addr.arpa. tree. That's 7.45% of the
>> servers being "not well maintained". I know of no similar data
>
>Does "not well maintained" include the following:
>
>1) DNS server for the zone is originally configured correctly, and the
>first 20-30 hosts are entered with a proper A record and a PTR that matches.
>
>2) Clueful guy leaves, new DNS "goo-roo" takes over, and adds the next 300
>machines with just an A record, and no PTR matching. The checks you make
>would show this as "well maintained", even though 90% of the hosts are broken
>with respect to PTR entries.
>
>Given that 7% of the sites can't get past step (1), I'm willing to bet that
>a lot MORE of the sites are accumulating cruft under step (2).
>
>From: Jeffrey Altman <[EMAIL PROTECTED]>
>> % DNS reverse lookup tables (PTR) are not as well maintained as forward
>> % lookup tables (A) so they're even less reliable.
>>
>> This is an assertion that I've heard over the years
>> and I've come to believe (based on regular audits of
>> the in-addr space) that this is an Internet equivalent
>> of an urban legend. I'd really like to see your backing
>> data on this.
>
>This is hardly an urban legend. Columbia University requires the
>use of tcpwrappers in Paranoid mode which requires that the forward
>and reverse lookups for an IP address in DNS match. The Kermit
>Project is based at Columbia University and uses its systems for
>our FTP and HTTP access. A week does not go by when we do not
>get complaints about people being unable to access our FTP server
>due to a failure of the forward and reverse to match.
>
>Just from the first 8 hours of logs today:
>
> proxauth3-bb2.globalintranet.net != 212.234.59.254
> hide193.nhs.uk != 195.107.47.193
> marta-c-gw.caravan.ru != 212.24.53.234
> su9127.eclipse.co.uk != 212.104.136.138
>
>Granted this is hardly a scientific study. But we see this from
>approximately a dozen new addresses every day.
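
Added example, not part of the original messages and not tcpwrappers' own code: a sketch of the forward/reverse match test discussed in this thread, classifying why an address fails, including the "A record but no PTR" case. The record tables are constructed from documentation names and addresses, and all function names are hypothetical.

```python
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A lookup via the system resolver; returns a list of IPv4 addresses."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def paranoid_check(ip, reverse=system_reverse, forward=system_forward):
    """Classify one address by whether its reverse and forward lookups agree."""
    name = reverse(ip)
    if name is None:
        return "NO_PTR"                 # address has no reverse entry at all
    addrs = forward(name)
    if not addrs:
        return "PTR_NAME_HAS_NO_A"      # reverse entry names a host with no A
    if ip not in addrs:
        return "MISMATCH"               # name resolves, but not to this address
    return "OK"

# Constructed sample records (documentation names and addresses, not real hosts).
A_RECORDS = {
    "www.example.com": ["192.0.2.10"],
    "mail.example.com": ["192.0.2.11"],
    "new-host.example.com": ["192.0.2.50"],  # A record added, PTR never created
    "gw.example.com": ["192.0.2.1"],
}
PTR_RECORDS = {
    "192.0.2.10": "www.example.com",
    "192.0.2.11": "mail.example.com",
    "192.0.2.1": "old-gw.example.com",       # PTR points at a name with no A
    "192.0.2.60": "www.example.com",         # PTR name resolves elsewhere
}

def audit(addresses):
    """Run the check over addresses using the constructed tables above."""
    fwd = lambda n: A_RECORDS.get(n.lower().rstrip("."), [])
    return {ip: paranoid_check(ip, PTR_RECORDS.get, fwd) for ip in addresses}

if __name__ == "__main__":
    for ip, verdict in audit(["192.0.2.10", "192.0.2.50", "192.0.2.1", "192.0.2.60"]).items():
        print(ip, verdict)
```

Calling `paranoid_check(ip)` with no resolver arguments uses the system resolver instead of the constructed tables.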